skills/mukul975/anthropic-cybersecurity-skills/securing-github-actions-workflows/Gen Agent Trust Hub
securing-github-actions-workflows
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructional material and auditing scripts aimed at improving the security posture of GitHub Actions workflows.
- [SAFE]: The Python scripts (scripts/agent.py and scripts/process.py) use yaml.safe_load() to parse workflow files, which is a security best practice to prevent YAML-based injection attacks.
- [SAFE]: External resources and tools referenced, such as StepSecurity Harden Runner, OpenSSF Scorecard, and actionlint, are well-known and reputable services within the cybersecurity and DevSecOps communities.
- [SAFE]: The skill does not contain any hardcoded credentials, unauthorized network operations, or obfuscated code. Its behavior is consistent with its purpose as a security auditing tool.
Audit Metadata